Petr Beneš 6558595ca3
[LLD][COFF] Fix out-of-bounds write when filling gaps with INT3 in code sections (#180411)
When merging `.bss` into a code section (e.g., `/MERGE:.bss=.text`), the
INT3 gap-filling loop in `writeSections()` would write past the output
buffer. This happens because `.bss` chunks have `hasData=false`, so they
contribute to `VirtualSize` but not `SizeOfRawData`. The loop was using
chunk RVAs without checking if they exceeded the raw data region.

This caused a crash on Windows with `/FILEALIGN:1` (access violation
0xC0000005). The tight alignment leaves no slack in the mapped buffer,
so the overflow immediately hits unmapped memory.

The fix bounds all memset operations to `rawSize` and exits early when
encountering chunks beyond the raw data boundary.

Fixes #180406
2026-02-10 13:26:03 +00:00
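The bounded gap-fill pattern the commit describes, as an added illustration that is not LLD's own code: a simplified chunk model (the names `Chunk`, `fillGapsWithInt3` and `overflowBytesUnbounded` are hypothetical) in which every `memset` is clamped to `rawSize` and the loop exits at the first chunk whose RVA lies beyond the raw data, placed beside a dry-run counter that reports how many bytes the original RVA-only loop would have written past the buffer for the same layout.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical, simplified view of an output-section chunk: its RVA relative
// to the section start, its virtual size, and whether it carries raw data.
// A .bss-style chunk has hasData == false: it counts toward VirtualSize but
// contributes nothing to SizeOfRawData, so its RVA can exceed rawSize.
struct Chunk {
  uint32_t rva;
  uint32_t size;
  bool hasData;
};

// Fixed-style gap filler (pattern from the commit message, not LLD's code).
// Fills the gaps between chunks, and the tail up to rawSize, with INT3 (0xCC).
// Every write is bounded to [0, rawSize); chunks are assumed sorted by RVA,
// so the first chunk at or past rawSize ends the loop. Returns bytes written.
size_t fillGapsWithInt3(uint8_t* buf, size_t rawSize,
                        const std::vector<Chunk>& chunks) {
  size_t written = 0;
  uint64_t prevEnd = 0;  // end of the previous chunk = start of this gap
  for (const Chunk& c : chunks) {
    if (c.rva >= rawSize)
      break;  // nothing on disk past here; later chunks are beyond it too
    uint64_t gapStart = prevEnd;
    uint64_t gapEnd = std::min<uint64_t>(c.rva, rawSize);  // clamp to raw data
    if (gapEnd > gapStart) {
      std::memset(buf + gapStart, 0xCC, static_cast<size_t>(gapEnd - gapStart));
      written += static_cast<size_t>(gapEnd - gapStart);
    }
    prevEnd = std::max<uint64_t>(prevEnd, uint64_t(c.rva) + c.size);
  }
  // Tail padding between the last on-disk chunk and the end of raw data.
  if (prevEnd < rawSize) {
    std::memset(buf + prevEnd, 0xCC, static_cast<size_t>(rawSize - prevEnd));
    written += static_cast<size_t>(rawSize - prevEnd);
  }
  return written;
}

// Dry run of the pre-fix behaviour: a loop that sizes each gap from chunk RVAs
// alone, without consulting rawSize. It performs no writes; it only counts how
// many bytes such a loop would place at or beyond rawSize (the overflow).
size_t overflowBytesUnbounded(size_t rawSize, const std::vector<Chunk>& chunks) {
  size_t overflow = 0;
  uint64_t prevEnd = 0;
  for (const Chunk& c : chunks) {
    if (c.rva > prevEnd) {
      uint64_t gapStart = prevEnd, gapEnd = c.rva;
      if (gapEnd > rawSize)
        overflow += static_cast<size_t>(gapEnd - std::max<uint64_t>(gapStart, rawSize));
    }
    prevEnd = std::max<uint64_t>(prevEnd, uint64_t(c.rva) + c.size);
  }
  return overflow;
}

int main() {
  // Constructed layout mimicking /MERGE:.bss=.text with /FILEALIGN:1:
  // 8 bytes of code on disk, then a 32-byte .bss chunk aligned to 16.
  std::vector<Chunk> chunks = {{0, 8, true}, {16, 32, false}};
  const size_t rawSize = 8;
  std::vector<uint8_t> buf(rawSize, 0);
  std::printf("bounded fill wrote %zu bytes\n", fillGapsWithInt3(buf.data(), rawSize, chunks));
  std::printf("unbounded loop would overflow by %zu bytes\n",
              overflowBytesUnbounded(rawSize, chunks));
  return 0;
}
```

With the `/FILEALIGN:1` layout above the bounded filler writes nothing (the only gap lies entirely past the raw data), while the unbounded loop would have written 8 bytes beyond the buffer, which is exactly the kind of write that lands on unmapped memory when there is no alignment slack.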